Backed out 2 changesets (bug 1450309) for wpt failures on reporting-navigation.https.html. CLOSED TREE

Backed out changeset 7fae6ea289bd (bug 1450309)
Backed out changeset 14c35856cea4 (bug 1450309)

browser/components/enterprisepolicies/Policies.jsm

@@ -2011,7 +2011,10 @@ var Policies = {
 
   WebsiteFilter: {
     onBeforeUIStartup(manager, param) {
-      WebsiteFilter.init(param.Block || [], param.Exceptions || []);
+      this.filter = new WebsiteFilter(
+        param.Block || [],
+        param.Exceptions || []
+      );
     },
   },
 };

browser/components/enterprisepolicies/helpers/WebsiteFilter.jsm

@@ -18,8 +18,8 @@
  * by using the special "<all_urls>" pattern for the blocklist, and then
  * adding all whitelisted websites on the exceptions list.
  *
- * Note that this module only blocks top-level website navigations and embeds.
- * It does not block any other accesses to these urls: image tags, scripts, XHR, etc.,
+ * Note that this module only blocks top-level website navigations. It doesn't
+ * block any other accesses to these urls: image tags, scripts, XHR, etc.,
  * because that could cause unexpected breakage. This is a policy to block
  * users from visiting certain websites, and not from blocking any network
  * connections to those websites. If the admin is looking for that, the recommended
@@ -48,86 +48,73 @@ XPCOMUtils.defineLazyGetter(this, "log", () => {
 
 var EXPORTED_SYMBOLS = ["WebsiteFilter"];
 
-let WebsiteFilter = {
-  init(blocklist, exceptionlist) {
-    let blockArray = [],
-      exceptionArray = [];
+function WebsiteFilter(blocklist, exceptionlist) {
+  let blockArray = [],
+    exceptionArray = [];
 
-    for (let i = 0; i < blocklist.length && i < LIST_LENGTH_LIMIT; i++) {
-      try {
-        let pattern = new MatchPattern(blocklist[i].toLowerCase());
-        blockArray.push(pattern);
-        log.debug(`Pattern added to WebsiteFilter. Block: ${blocklist[i]}`);
-      } catch (e) {
-        log.error(`Invalid pattern on WebsiteFilter. Block: ${blocklist[i]}`);
-      }
+  for (let i = 0; i < blocklist.length && i < LIST_LENGTH_LIMIT; i++) {
+    try {
+      let pattern = new MatchPattern(blocklist[i]);
+      blockArray.push(pattern);
+      log.debug(`Pattern added to WebsiteFilter. Block: ${blocklist[i]}`);
+    } catch (e) {
+      log.error(`Invalid pattern on WebsiteFilter. Block: ${blocklist[i]}`);
     }
+  }
 
-    this._blockPatterns = new MatchPatternSet(blockArray);
+  this._blockPatterns = new MatchPatternSet(blockArray);
 
-    for (let i = 0; i < exceptionlist.length && i < LIST_LENGTH_LIMIT; i++) {
-      try {
-        let pattern = new MatchPattern(exceptionlist[i].toLowerCase());
-        exceptionArray.push(pattern);
-        log.debug(
-          `Pattern added to WebsiteFilter. Exception: ${exceptionlist[i]}`
-        );
-      } catch (e) {
-        log.error(
-          `Invalid pattern on WebsiteFilter. Exception: ${exceptionlist[i]}`
-        );
-      }
-    }
-
-    if (exceptionArray.length) {
-      this._exceptionsPatterns = new MatchPatternSet(exceptionArray);
-    }
-
-    let registrar = Components.manager.QueryInterface(Ci.nsIComponentRegistrar);
-
-    if (!registrar.isContractIDRegistered(this.contractID)) {
-      registrar.registerFactory(
-        this.classID,
-        this.classDescription,
-        this.contractID,
-        this
+  for (let i = 0; i < exceptionlist.length && i < LIST_LENGTH_LIMIT; i++) {
+    try {
+      let pattern = new MatchPattern(exceptionlist[i]);
+      exceptionArray.push(pattern);
+      log.debug(
+        `Pattern added to WebsiteFilter. Exception: ${exceptionlist[i]}`
       );
-
-      Services.catMan.addCategoryEntry(
-        "content-policy",
-        this.contractID,
-        this.contractID,
-        false,
-        true
+    } catch (e) {
+      log.error(
+        `Invalid pattern on WebsiteFilter. Exception: ${exceptionlist[i]}`
       );
     }
-  },
+  }
 
-  shouldLoad(contentLocation, loadInfo, mimeTypeGuess) {
-    let contentType = loadInfo.externalContentPolicyType;
-    if (
-      contentType == Ci.nsIContentPolicy.TYPE_DOCUMENT ||
-      contentType == Ci.nsIContentPolicy.TYPE_SUBDOCUMENT
-    ) {
-      if (this._blockPatterns.matches(contentLocation.spec.toLowerCase())) {
-        if (
-          !this._exceptionsPatterns ||
-          !this._exceptionsPatterns.matches(contentLocation.spec.toLowerCase())
-        ) {
-          return Ci.nsIContentPolicy.REJECT_POLICY;
-        }
+  if (exceptionArray.length) {
+    this._exceptionsPatterns = new MatchPatternSet(exceptionArray);
+  }
+
+  Services.obs.addObserver(this, "http-on-modify-request", true);
+}
+
+WebsiteFilter.prototype = {
+  QueryInterface: ChromeUtils.generateQI([
+    "nsIObserver",
+    "nsISupportsWeakReference",
+  ]),
+
+  observe(subject, topic, data) {
+    let channel,
+      isDocument = false;
+    try {
+      channel = subject.QueryInterface(Ci.nsIHttpChannel);
+      isDocument = channel.isDocument;
+    } catch (e) {
+      return;
+    }
+
+    // Only filter document accesses
+    if (!isDocument) {
+      return;
+    }
+
+    if (this._blockPatterns.matches(channel.URI)) {
+      if (
+        !this._exceptionsPatterns ||
+        !this._exceptionsPatterns.matches(channel.URI)
+      ) {
+        // NS_ERROR_BLOCKED_BY_POLICY displays the error message
+        // designed for policy-related blocks.
+        channel.cancel(Cr.NS_ERROR_BLOCKED_BY_POLICY);
       }
     }
-    return Ci.nsIContentPolicy.ACCEPT;
-  },
-  shouldProcess(contentLocation, loadInfo, mimeTypeGuess) {
-    return Ci.nsIContentPolicy.ACCEPT;
-  },
-  classDescription: "Policy Engine File Content Policy",
-  contractID: "@mozilla-org/policy-engine-file-content-policy-service;1",
-  classID: Components.ID("{c0bbb557-813e-4e25-809d-b46a531a258f}"),
-  QueryInterface: ChromeUtils.generateQI(["nsIContentPolicy"]),
-  createInstance(outer, iid) {
-    return this.QueryInterface(iid);
   },
 };

browser/components/enterprisepolicies/tests/browser/browser_policy_websitefilter.js

@@ -7,7 +7,7 @@ const SUPPORT_FILES_PATH =
 const BLOCKED_PAGE = `${SUPPORT_FILES_PATH}/policy_websitefilter_block.html`;
 const EXCEPTION_PAGE = `${SUPPORT_FILES_PATH}/policy_websitefilter_exception.html`;
 
-add_task(async function test_http() {
+add_task(async function test() {
   await setupPolicyEngineWithJson({
     policies: {
       WebsiteFilter: {
@@ -20,29 +20,3 @@ add_task(async function test_http() {
   await checkBlockedPage(BLOCKED_PAGE, true);
   await checkBlockedPage(EXCEPTION_PAGE, false);
 });
-
-add_task(async function test_http_mixed_case() {
-  await setupPolicyEngineWithJson({
-    policies: {
-      WebsiteFilter: {
-        Block: ["*://mochi.test/*policy_websitefilter_*"],
-        Exceptions: ["*://mochi.test/*_websitefilter_exception*"],
-      },
-    },
-  });
-
-  await checkBlockedPage(BLOCKED_PAGE.toUpperCase(), true);
-  await checkBlockedPage(EXCEPTION_PAGE.toUpperCase(), false);
-});
-
-add_task(async function test_file() {
-  await setupPolicyEngineWithJson({
-    policies: {
-      WebsiteFilter: {
-        Block: ["file:///*"],
-      },
-    },
-  });
-
-  await checkBlockedPage("file:///this_should_be_blocked", true);
-});

docshell/base/nsDocShell.cpp

@@ -6508,7 +6508,6 @@ nsresult nsDocShell::EndPageLoad(nsIWebProgress* aProgress,
     // Bug 1629201 is filed for having much clearer decision making around
     // which cases need error events.
     bool fireFrameErrorEvent = (aStatus == NS_ERROR_CONTENT_BLOCKED_SHOW_ALT ||
-                                aStatus == NS_ERROR_BLOCKED_BY_POLICY ||
                                 aStatus == NS_ERROR_CONTENT_BLOCKED);
     UnblockEmbedderLoadEventForFailure(fireFrameErrorEvent);
 
@@ -8427,13 +8426,8 @@ nsresult nsDocShell::PerformRetargeting(nsDocShellLoadState* aLoadState) {
                                    &shouldLoad);
 
     if (NS_FAILED(rv) || NS_CP_REJECTED(shouldLoad)) {
-      if (NS_SUCCEEDED(rv)) {
-        if (shouldLoad == nsIContentPolicy::REJECT_TYPE) {
-          return NS_ERROR_CONTENT_BLOCKED_SHOW_ALT;
-        }
-        if (shouldLoad == nsIContentPolicy::REJECT_POLICY) {
-          return NS_ERROR_BLOCKED_BY_POLICY;
-        }
+      if (NS_SUCCEEDED(rv) && shouldLoad == nsIContentPolicy::REJECT_TYPE) {
+        return NS_ERROR_CONTENT_BLOCKED_SHOW_ALT;
       }
 
       return NS_ERROR_CONTENT_BLOCKED;

dom/base/nsIContentPolicy.idl

@@ -468,12 +468,6 @@ interface nsIContentPolicy : nsISupports
    */
   const short REJECT_OTHER = -4;
 
-  /**
-   * Returned from shouldLoad or shouldProcess if the load/process is forbiddden
-   * based on enterprise policy.
-   */
-  const short REJECT_POLICY = -5;
-
   /**
    * Returned from shouldLoad or shouldProcess if the load or process request
    * is not rejected.

dom/security/nsContentSecurityManager.cpp

@@ -588,16 +588,11 @@ static nsresult DoContentSecurityChecks(nsIChannel* aChannel,
     NS_SetRequestBlockingReasonIfNull(
         aLoadInfo, nsILoadInfo::BLOCKING_REASON_CONTENT_POLICY_GENERAL);
 
-    if (NS_SUCCEEDED(rv) &&
+    if ((NS_SUCCEEDED(rv) && shouldLoad == nsIContentPolicy::REJECT_TYPE) &&
         (contentPolicyType == nsIContentPolicy::TYPE_DOCUMENT ||
          contentPolicyType == nsIContentPolicy::TYPE_SUBDOCUMENT)) {
-      if (shouldLoad == nsIContentPolicy::REJECT_TYPE) {
-        // for docshell loads we might have to return SHOW_ALT.
-        return NS_ERROR_CONTENT_BLOCKED_SHOW_ALT;
-      }
-      if (shouldLoad == nsIContentPolicy::REJECT_POLICY) {
-        return NS_ERROR_BLOCKED_BY_POLICY;
-      }
+      // for docshell loads we might have to return SHOW_ALT.
+      return NS_ERROR_CONTENT_BLOCKED_SHOW_ALT;
     }
     return NS_ERROR_CONTENT_BLOCKED;
   }